
store artifact #60

Workflow file for this run

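# Mend (WhiteSource) software-composition scan.
#
# Runs on pushes to main (ignoring site/ and examples/), on manual dispatch,
# and as a reusable workflow. The `scan` job downloads the Mend Unified Agent,
# checks its JAR signature, scans the checkout and stores the contents of
# `whitesource/` as a build artifact. The `upload` job is a placeholder.
name: Mend

on:
  push:
    branches:
      - main
    paths-ignore:
      - 'site/**'
      - 'examples/**'
  workflow_dispatch:
    inputs:
      # NOTE(review): `branch` is currently unused; the checkout `ref` that
      # consumed it is commented out in the scan job.
      branch:
        type: string
        required: true
        default: main
  workflow_call:
    secrets:
      WS_APIKEY_NGINX:
        required: true
      WS_USER_KEY:
        required: true
    inputs:
      product_name:
        type: string
        required: true
      project_name:
        required: true
        type: string

# NOTE(review): product_name / project_name are declared only for
# workflow_call. On push and workflow_dispatch they are not declared, so the
# emptiness check in the "Scan and upload" step is expected to fail the run.
# Confirm that this is intended.

# One run per ref name; a newer run cancels the one still in progress.
concurrency:
  group: ${{ github.ref_name }}-mend
  cancel-in-progress: true

# Least privilege: the job token only needs to read the repository.
permissions:
  contents: read

jobs:
  # check-if-allowed:
  #   name: Verify Environment
  #   if: ${{ ( github.repository_owner == 'nginx' || github.repository_owner == 'nginxinc' ) }}
  #   runs-on: [ ubuntu-latest ]
  #   steps:
  #     - name: Check if we're in the allowed environment
  #       run: |
  #         org_found=0
  #         event_found=0
  #         ref_found=0
  #         ALLOWED_ORGS="nginx nginxinc"
  #         ALLOWED_EVENTS="push workflow_dispatch"
  #         ALLOWED_REFS="refs/heads/main refs/heads/master refs/heads/stable-1.28"
  #         for org in $ALLOWED_ORGS; do
  #           if [ "$org" == "$GITHUB_REPOSITORY_OWNER" ]; then org_found=1; fi
  #         done
  #         for event in $ALLOWED_EVENTS; do
  #           if [ "$event" == "$GITHUB_EVENT_NAME" ]; then event_found=1; fi
  #         done
  #         for ref in $ALLOWED_REFS; do
  #           if [ "$ref" == "$GITHUB_REF" ]; then ref_found=1; fi
  #         done
  #         if [ $org_found$event_found$ref_found -ne 111 ]; then
  #           echo "Repository owner, event, or ref are not explicitely allowed to use this workflow: $GITHUB_REPOSITORY_OWNER, $GITHUB_EVENT_NAME, $GITHUB_REF"
  #           exit 1
  #         fi
  #         exit 0

  scan:
    name: Mend
    runs-on: ubuntu-22.04
    # needs: check-if-allowed
    outputs:
      mend-report-file: ${{ steps.report.outputs.mend-report-file }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # A downloaded third-party JAR runs inside this workspace later and
          # no step needs to push, so do not leave the job token in
          # .git/config.
          persist-credentials: false
          # ref: ${{ inputs.branch && inputs.branch || github.ref }}

      # NOTE(review): `releases/latest` is a moving target, so whatever is
      # published at run time is executed with the Mend secrets in its
      # environment. Consider pinning a release tag and comparing the download
      # with a checksum recorded in this repository.
      - name: Download agent
        run: curl -fsSLJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar

      - name: Verify JAR
        run: |
          # jarsigner can exit 0 for an archive that carries no signature at
          # all, so require the explicit "jar verified" line instead of
          # trusting the exit status alone.
          # NOTE(review): this proves the JAR is signed and intact, not who
          # signed it; the signer certificate is not pinned here.
          verify_output="$(jarsigner -verify wss-unified-agent.jar)"
          printf '%s\n' "$verify_output"
          if ! grep -q 'jar verified' <<<"$verify_output"; then
            echo "wss-unified-agent.jar did not pass signature verification"
            exit 1
          fi

      - name: Scan and upload
        env:
          WS_URL: 'https://f5.whitesourcesoftware.com/agent'
          WS_APIKEY_NGINX: ${{ secrets.WS_APIKEY_NGINX }}
          PRODUCT_NAME: ${{ inputs.product_name }}
          PROJECT_NAME: ${{ inputs.project_name }}
          # Environment values are strings; quoted so no YAML parser retypes
          # them.
          WS_CHECKPOLICIES: 'true'
          WS_FORCECHECKALLDEPENDENCIES: 'true'
          WS_GENERATESCANREPORT: 'true'
          WS_FORCEUPDATE: 'true'
          WS_FORCEUPDATE_FAILBUILDONPOLICYVIOLATION: 'true'
          WS_USER_KEY: ${{ secrets.WS_USER_KEY }}
        run: |
          if [ -z "$WS_APIKEY_NGINX" ] || [ -z "$WS_USER_KEY" ]; then
            echo "Secret is empty"
            exit 1
          fi
          if [ -z "$PRODUCT_NAME" ] || [ -z "$PROJECT_NAME" ]; then
            echo "Project Name is empty"
            exit 1
          fi
          # Every expansion is quoted: product/project names are
          # caller-supplied inputs, and an unquoted value containing
          # whitespace would be split into extra agent arguments.
          # NOTE(review): credentials passed as arguments are visible in the
          # runner's process list; check whether the agent can read them from
          # its environment or a config file instead.
          #
          # The run script is started with `bash -e`, so the exit status is
          # captured with `||`; otherwise a failing scan aborts the script
          # before the code can be reported.
          exit_code=0
          java -jar wss-unified-agent.jar -noConfig true \
            -wss.url "$WS_URL" \
            -apiKey "$WS_APIKEY_NGINX" \
            -userKey "$WS_USER_KEY" \
            -product "$PRODUCT_NAME" \
            -project "$PROJECT_NAME" \
            -d ./ || exit_code=$?
          echo -e "\nEXIT CODE is: $exit_code\n"
          # Fail closed: 254 (the code the original singled out) and every
          # other non-zero status fail the step, so an agent or connection
          # error is never reported as a completed scan.
          if (( exit_code != 0 )); then
            exit "$exit_code"
          fi
          printf "\nMend scan completed successfully. Exiting with code = 0\n"

      - name: Check if report is generated
        id: report
        shell: bash
        env:
          # `env` is step-scoped: without this entry PROJECT_NAME is empty
          # here and the pattern below matches any *scan_report.json file.
          PROJECT_NAME: ${{ inputs.project_name }}
        run: |
          ls -lt whitesource/
          find whitesource -type f -name "${PROJECT_NAME}*scan_report.json"
          report_file="$(find whitesource -type f -name "${PROJECT_NAME}*scan_report.json" | head -n 1)"
          if [ -z "$report_file" ]; then
            echo "No scan report found under whitesource/ for project ${PROJECT_NAME}"
            exit 1
          fi
          echo "mend-report-file=${report_file}" >> "$GITHUB_OUTPUT"
          cat "$GITHUB_OUTPUT"

      - name: Print scan report
        id: print
        env:
          # Passed through the environment rather than expanded into the
          # script text, so a file name containing shell metacharacters is
          # treated as data and never parsed as a command.
          REPORT_FILE: ${{ steps.report.outputs.mend-report-file }}
        run: |
          jq . "$REPORT_FILE"

      # NOTE(review): pin this action to a full commit SHA, as the checkout
      # step already does; a mutable tag can be repointed upstream.
      - name: Store mend report
        uses: actions/upload-artifact@v4
        with:
          name: mend-report
          path: whitesource
          retention-days: 14

  # Placeholder: both steps only echo a message, nothing is archived or
  # uploaded yet.
  upload:
    name: Archive mend scan report
    needs: scan
    runs-on: ubuntu-22.04
    steps:
      - name: Prepare mend archive
        shell: bash
        run: |
          echo Archiving mend report
      - name: Upload mend archive
        shell: bash
        run: |
          echo Uploading mend archive to...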